作为一名Android系统开发者,可能常常需要为第三方APK或者自己开发的APK添加系统签名。但是又不想次次把源码或者第三方APK放到整个系统源码里面去编译签名,这里就以platform签名为例,为大家介绍两种签名方式。
1. 自定义签名脚本
首先我们确定系统源码的根目录。这里为~/aosp/,大家可以替换成自己的系统源码路径。
在任意目录下vi sign.sh新建一个shell脚本文件,这里我们在temp下新建:
soap@ubuntu:~/temp$ vi sign.sh
输入以下内容后保存退出。
#!/bin/bash
#config
KEY_DIR=~/aosp/build/target/product/security
SIGN_LIB_DIR=~/aosp/out/host/linux-x86
MEDIA_PK8=$KEY_DIR/media.pk8
MEDIA_PEM=$KEY_DIR/media.x509.pem
PLATFORM_PK8=$KEY_DIR/platform.pk8
PLATFORM_PEM=$KEY_DIR/platform.x509.pem
RELEASE_PK8=$KEY_DIR/releasekey.pk8
RELEASE_PEM=$KEY_DIR/releasekey.x509.pem
SHARED_PK8=$KEY_DIR/shared.pk8
SHARED_PEM=$KEY_DIR/shared.x509.pem
TEST_PK8=$KEY_DIR/testkey.pk8
TEST_PEM=$KEY_DIR/testkey.x509.pem
SIGN_JAR=$SIGN_LIB_DIR/framework/signapk.jar
SIGN_LIB=$SIGN_LIB_DIR/lib64
#example: sign Camera.apk platform
sign(){
local unsigned_apk=$1
local sign_type=$2
local signed_apk=${unsigned_apk%.*}_${sign_type}_signed.apk
local pk8=$PLATFORM_PK8
local pem=$PLATFORM_PEM
#echo "$unsigned_apk, $signed_apk, $sign_type"
if [ $sign_type = "media" ]; then
pk8=$MEDIA_PK8
pem=$MEDIA_PEM
elif [ $sign_type = "platform" ] ; then
pk8=$PLATFORM_PK8
pem=$PLATFORM_PEM
elif [ $sign_type = "release" ] ; then
pk8=$RELEASE_PK8
pem=$RELEASE_PEM
elif [ $sign_type = "shared" ] ; then
pk8=$SHARED_PK8
pem=$SHARED_PEM
elif [ $sign_type = "test" ] ; then
pk8=$TEST_PK8
pem=$TEST_PEM
else
echo "Failed: unknown sign type, Available sign type:
media, platform, release, shared, test."
return 0;
fi
echo "unsigned apk:$unsigned_apk, signed apk:$signed_apk, sign type:$sign_type"
java -Djava.library.path=$SIGN_LIB -jar $SIGN_JAR $pem $pk8 $unsigned_apk $signed_apk
echo "Success!"
return 1;
}
简单介绍一下脚本,上面我们先指定好了platform.pk8、platform.x509.pem、signapk.jar、so库的路径,然后在函数sign中用java命令签名。签名前,我们先在命令行source sign.sh,然后执行sign xxx.apk platform即可为APK签名了。sign命令后面的两个参数,第一个参数是APK文件名,第二个参数是签名类型。例如,我们为temp下的Camera.apk加上platform签名:
soap@ubuntu:~/temp$ source sign.sh
soap@ubuntu:~/temp$ ls
Camera.apk sign.sh
soap@ubuntu:~/temp$ sign Camera.apk platform
soap@ubuntu:~/temp$ ls
Camera.apk Camera_platform_signed.apk sign.sh
我们安装测试一下:
soap@ubuntu:~/temp$ adb install -r Camera_platform_signed.apk
Performing Streamed Install
Success
2. 生成keystore文件并在Android Studio中导入使用
2.1 从系统源码中取出platform.pk8和platform.x509.pem
soap@ubuntu:~/aosp$ cp build/target/product/security/platform.pk8 ~/keystore/
soap@ubuntu:~/aosp$ cp build/target/product/security/platform.x509.pem ~/keystore/
2.2 生成中间文件platform.priv.pem
soap@ubuntu:~/aosp$ cd ~/keystore/
soap@ubuntu:~/keystore$ openssl pkcs8 -in platform.pk8 -inform der -outform pem -out platform.priv.pem -nocrypt
soap@ubuntu:~/keystore$ ls
platform.pk8 platform.priv.pem platform.x509.pem
2.3 生成中间文件platform.pk12,记下这步输入的密码,下一步要用到。这里密码我们直接使用android
soap@ubuntu:~/keystore$ openssl pkcs12 -export -in platform.x509.pem -inkey platform.priv.pem -out platform.pk12 -name androiddebugkey
Enter Export Password:
Verifying - Enter Export Password:
soap@ubuntu:~/keystore$ ls
platform.pk12 platform.pk8 platform.priv.pem platform.x509.pem
2.4 生成keystore
soap@ubuntu:~/keystore$ keytool -importkeystore -srckeystore platform.pk12 -srcstoretype pkcs12 -srcstorepass android -destkeystore platform.keystore -deststoretype pkcs12 -deststorepass android -destkeypass android -alias androiddebugkey
soap@ubuntu:~/keystore$ ls
platform.keystore platform.pk12 platform.pk8 platform.priv.pem platform.x509.pem
2.5 Android Studio导入keystore文件
把platform.keystore文件拷贝到Android Studio需要签名的项目的app/下面,然后在app的build.gradle中配置签名:
signingConfigs {
debug {
storeFile file('platform.keystore')
storePassword 'android'
keyAlias = 'androiddebugkey'
keyPassword 'android'
}
}
例如:
image
以上就是为APK添加系统签名的两种方式,望能帮到大家。